Europol Captures 12 Suspected Cyber Crime Criminals in International Raid
Table of Contents
- By David Lukic
- Published: Nov 12, 2021
- Last Updated: Mar 18, 2022
After an extensive 2-year investigation, Europol announced Friday that they had captured individuals across different criminal organizations suspected to be instrumental in ransomware attacks that have hit organizations worldwide.
What Happened?
In the October 29 press release, Europol reported that 12 suspected criminals who had been “wreaking havoc on the world” had been captured in Ukraine and Switzerland. According to the agency, most of the captured individuals are considered “...high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.”
Europol did not specify if the suspects had been charged with their alleged crimes but simply stated that they were targeted and that a number of them had been interrogated.
What Offences Were the Criminals Accused of?
The individuals are suspected of having launched ransomware attacks that have affected over 1800 individuals in 71 countries across the globe. They allegedly target the critical infrastructure of large organizations and are able to effectively bring the entire business to a standstill, leading to the loss of thousands of dollars.
These suspects all had different roles in their organized criminal organizations. Some were concerned with penetration into their victim’s IT networks, using tactics like phishing emails, credential stuffing, SQL injections, and more.
After successfully entering the network, other suspects would focus on moving laterally and deploying malware that would ensure their activities on the victim’s network remain undetected while gaining further access.
The suspects would lay undetected for months, exploring the network and locating IT weaknesses. Eventually, they would capitalize on these weaknesses by deploying ransomware such as Dharma, LockerGoga, and others onto the network. This malicious software would have a crippling effect on the network because the threat actors had time to explore the network.
At this point, the suspects would send a ransom note demanding a certain amount in Bitcoin in exchange for the decryption keys.
This is the alleged method the suspects used to extort money from large organizations. They are suspected of being behind the ransomware attack on the Norwegian aluminum processing company Norsk Hydro. The company was hit with a ransomware attack in 2019 that led to its operations being shut down across two continents for almost a week. This cost the company over $50 million in damages.
How did Europol Capture Them?
The sting was a joint effort between multiple law enforcement agencies in eight countries as the victims were located in different geographical locations, therefore in different law enforcement jurisdictions.
French authorities initiated the investigation and set up a Joint Investigation Team (JIT) in September 2019 between Ukraine, France, Norway, and the United Kingdom. The team obtained financial support from Eurojust and assistance from both Europol and Eurojust.
This team worked together to uncover the extent and complexity of the crimes of these cyber actors. At the same time, the Dutch and US agencies carried out their independent investigations.
Before October 26, when the suspects were captured, Eurojust hosted seven coordination meetings between all the agencies investigating the suspects. The team transported over 50 foreign investigators to Ukraine to assist the National Police on the capture day.
According to Europol,
“The operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).”
What did the Authorities Find?
After the capture in the early hours of October 26 in Ukraine and Switzerland, Europol seized over $52,000 in cash and five luxury vehicles. At the moment, the agency is carrying forensic examinations on the retrieved electronic devices of the suspects. This is to extract evidence and, if possible, identify new leads.